本文整理汇总了Python中esapi.core.ESAPI.encoder方法的典型用法代码示例。如果您正苦于以下问题:Python ESAPI.encoder方法的具体用法?Python ESAPI.encoder怎么用?Python ESAPI.encoder使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类esapi.core.ESAPI的用法示例。
在下文中一共展示了ESAPI.encoder方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_encode_for_xml_attribute
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_encode_for_xml_attribute(self):
instance = ESAPI.encoder()
self.assertEquals(None, instance.encode_for_xml_attribute(None))
self.assertEquals(" ", instance.encode_for_xml_attribute(" "))
self.assertEquals("<script>", instance.encode_for_xml_attribute("<script>"))
self.assertEquals(",.-_", instance.encode_for_xml_attribute(",.-_"))
self.assertEquals(" !@$%()=+{}[]", instance.encode_for_xml_attribute(" [email protected]$%()=+{}[]"))示例2: validate_roles
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def validate_roles(self, roles):
"""
Checks that the roles passed in contain only letters, numbers, and
underscores. Also checks that roles are no more than 10 characters long.
If a role does not pass validation, it is not included in the list of
roles returned by this method. A log warning is also generated for any
invalid roles.
@param roles: the list of roles to validate according to the criteria
stated above.
@return: a list of roles that are valid according to the criteria
stated above.
"""
ret = []
for role in roles:
canonical = ''
try:
stripped = role.strip()
canonical = ESAPI.encoder().canonicalize(stripped)
except EncodingException, extra:
self.logger.warning( Logger.SECURITY_FAILURE,
_("Failed to canonicalize role: %(role)s") %
{'role' : stripped},
extra )
if not ESAPI.validator().is_valid_input(
"Roles in FileBasedAccessController",
canonical,
"AccessControlRule", 200, False ):
self.logger.warning( Logger.SECURITY_FAILURE,
_("Role is invalid, and was not added to the list of roles for this rule: %(role)s") %
{'role' : stripped} )
else:示例3: hash
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def hash(self, plaintext, salt, iterations=None):
# Verify a MasterSalt has been set
if not self.master_salt or len(self.master_salt) < 20:
raise Exception(
_("There is an error in the application configuration. The MasterSalt has not been set properly. Please see the instructions in the README for setting up a crypto keyring. Currently, Encryptor_MasterSalt=%(value)s") %
{'value' : self.master_salt})
if iterations is None:
iterations = self.hash_iterations
try:
digest = hashlib.new(self.hash_algorithm)
digest.update(self.master_salt)
digest.update(salt)
digest.update(plaintext)
bytes = digest.digest()
for i in range(self.hash_iterations):
digest = hashlib.new(self.hash_algorithm)
digest.update(bytes)
bytes = digest.digest()
encoded = ESAPI.encoder().encode_for_base64(bytes)
return encoded
except ValueError, e:
raise EncryptionException(
_("Problem hashing"),
_("Internal Error - Can't find hash algorithm ") + self.hash_algorithm
)示例4: test_windows_codec
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_windows_codec(self):
instance = ESAPI.encoder()
win = WindowsCodec()
immune = []
self.assertEquals(None, instance.encode_for_os(win, None))
npbs = PushbackString("n")
self.assertEquals(None, win.decode_character(npbs))
epbs = PushbackString("")
self.assertEquals(None, win.decode_character(epbs))
c = '<'
cpbs = PushbackString(win.encode_character(immune, c))
decoded = win.decode_character(cpbs)
self.assertEquals(c, decoded)
orig = "c:\\jeff"
enc = win.encode(Encoder.CHAR_ALPHANUMERICS, orig)
self.assertEquals(orig, win.decode(enc))
self.assertEquals(orig, win.decode(orig))
self.assertEquals("c^:^\\jeff", instance.encode_for_os(win, "c:\\jeff"));
self.assertEquals("c^:^\\jeff", win.encode(immune, "c:\\jeff"))
self.assertEquals("dir^ ^&^ foo", instance.encode_for_os(win, "dir & foo"))
self.assertEquals("dir^ ^&^ foo", win.encode(immune, "dir & foo"))示例5: test_unix_codec
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_unix_codec(self):
instance = ESAPI.encoder()
unix = UnixCodec()
immune = ''
self.assertEquals(None, instance.encode_for_os(unix, None))
npbs = PushbackString("n")
self.assertEquals(None, unix.decode_character(npbs))
c = '<'
cpbs = PushbackString(unix.encode_character(immune, c))
decoded = unix.decode_character(cpbs)
self.assertEquals(c, decoded)
epbs = PushbackString("")
self.assertEquals(None, unix.decode_character(epbs))
orig = "/etc/passwd"
enc = unix.encode(immune, orig)
self.assertEquals(orig, unix.decode(enc))
self.assertEquals(orig, unix.decode(orig))
self.assertEquals("c\\:\\\\jeff", instance.encode_for_os(unix, "c:\\jeff"))
self.assertEquals("c\\:\\\\jeff", unix.encode(immune, "c:\\jeff"))
self.assertEquals("dir\\ \\&\\ foo", instance.encode_for_os(unix, "dir & foo"))
self.assertEquals("dir\\ \\&\\ foo", unix.encode(immune, "dir & foo"))
# Unix paths (that must be encoded safely)
self.assertEquals("\\/etc\\/hosts", instance.encode_for_os(unix, "/etc/hosts"))
self.assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", instance.encode_for_os(unix, "/etc/hosts; ls -l"))
self.assertEquals("\\", unix.decode('\\'))
self.assertEquals(unichr(12345), unix.encode('', unichr(12345)))示例6: log
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def log(self, level, event_type, message, exception=None):
"""
Log the message after optionally encoding any special characters
that might be dangerous when viewed by an HTML based log viewer.
Also encode any carriage returns and line feeds to prevent log
injection attacks. This logs all the supplied parameters plus the
user ID, user's source IP, a logging specific session ID, and the
current date/time.
It will only log the message if the current logging level is
enabled, otherwise it will discard the message.
@param level: the severity level of the security event
@param event_type: the event_type of the event
(SECURITY, FUNCTIONALITY, etc.)
@param message: the message
@param exception: an exception
"""
# Before we waste all kinds of time preparing this event for the
# log, let check to see if its loggable
if not self.pyLogger.isEnabledFor(level):
return
user = ESAPI.authenticator().current_user
# create a random session number for the user to represent the
# user's 'session', if it doesn't exist already
sid = _("unknown")
request = ESAPI.http_utilities().current_request
if request is not None:
session = request.session
if session is not None:
sid = session.get('ESAPI_SESSION', None)
# if there is no session id for the user yet, create one
# and store it in the user's session
if sid is None:
sid = str(ESAPI.randomizer().get_random_integer(0, 1000000))
session['ESAPI_SESSION'] = sid
# ensure there's something to log
if message is None:
message = ""
# ensure no CRLF injection into logs for forging records
clean = message.replace('\n', '_').replace('\r', '_')
if ESAPI.security_configuration().get_log_encoding_required():
clean = ESAPI.encoder().encode_for_html(message)
if message != clean:
clean += " (Encoded)"
extra = {
'eventType' : str(event_type),
'eventSuccess' : [_("SUCCESS"),_("FAILURE")][event_type.is_success()],
'user' : user.account_name,
'hostname' : user.last_host_address,
'sessionID' : sid,
}
self.pyLogger.log(level, clean, extra=extra) 示例7: encrypt_state_in_cookie
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def encrypt_state_in_cookie(self, cleartext_map, response=None):
if response is None:
response = self.current_response
buf = ''
for key, value in cleartext_map.items():
if buf != '':
buf += '&'
try:
key = ESAPI.encoder().encode_for_url( key )
value = ESAPI.encoder().encode_for_url( value )
buf += "%s=%s" % (key, value)
except EncodingException, extra:
self.logger.error( Logger.SECURITY_FAILURE,
_("Problem encrypting state in cookie - skipping entry"),
extra=extra )示例8: __init__
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def __init__(self, encoder=None):
Validator.__init__(self)
if encoder:
self.encoder = encoder
else:
self.encoder = ESAPI.encoder()
self.make_file_validator()示例9: test_encode_for_base64
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_encode_for_base64(self):
instance = ESAPI.encoder()
self.assertEquals(None, instance.encode_for_base64(None))
self.assertEquals(None, instance.decode_from_base64(None))
for i in range(100):
random_string = ESAPI.randomizer().get_random_string( 20, Encoder.CHAR_SPECIALS )
encoded = instance.encode_for_base64( random_string )
decoded = instance.decode_from_base64( encoded )
self.assertEquals( random_string, decoded )示例10: test_encode_for_dn
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_encode_for_dn(self):
instance = ESAPI.encoder()
self.assertEquals(None, instance.encode_for_dn(None))
self.assertEquals("Hello�", instance.encode_for_dn("Hello�"), "No special characters to escape")
self.assertEquals("\\# Hello�", instance.encode_for_dn("# Hello�"), "leading #")
self.assertEquals("\\ Hello�", instance.encode_for_dn(" Hello�"), "leading space")
self.assertEquals("Hello�\\ ", instance.encode_for_dn("Hello� "), "trailing space")
self.assertEquals("Hello\\<\\>", instance.encode_for_dn("Hello<>"), "less than greater than")
self.assertEquals("\\ \\ ", instance.encode_for_dn(" "), "only 3 spaces")
self.assertEquals("\\ Hello\\\\ \\+ \\, \\\"World\\\" \\;\\ ", instance.encode_for_dn(" Hello\\ + , \"World\" ; "), "Christmas Tree DN")示例11: __init__
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def __init__(self, type_name, encoder=None):
self.type_name = None
self.allow_none = False
self.encoder = None
if encoder:
self.set_encoder( encoder )
else:
self.set_encoder( ESAPI.encoder() )
self.set_type_name(type_name)示例12: gen_keys
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def gen_keys(self):
"""
Create new keys.
"""
print (_("Creating new keys in %(location)s") %
{'location' : self.keys_location} )
# Create symmetric key
os.makedirs(self.keys_symmetric_location)
keyczartool.main(
['create',
"--location=%s" % self.keys_symmetric_location,
"--purpose=crypt"] )
keyczartool.main(
['addkey',
"--location=%s" % self.keys_symmetric_location,
"--status=primary",
"--size=%s" % self.encryption_key_length] )
# Create asymmetric private keys for signing
os.makedirs(self.keys_asymmetric_private_location)
keyczartool.main(
['create',
"--location=%s" % self.keys_asymmetric_private_location,
"--purpose=sign",
"--asymmetric=%s" % self.encrypt_algorithm] )
keyczartool.main(
['addkey',
"--location=%s" % self.keys_asymmetric_private_location,
"--status=primary",
"--size=%s" % self.signing_key_length] )
# Extract public keys for signing
os.makedirs(self.keys_asymmetric_public_location)
keyczartool.main(
['create',
"--location=%s" % self.keys_asymmetric_public_location,
"--purpose=sign",
"--asymmetric=%s" % self.encrypt_algorithm] )
keyczartool.main(
['pubkey',
"--location=%s" % self.keys_asymmetric_private_location,
"--status=primary",
"--destination=%s" % self.keys_asymmetric_public_location] )
# Gen a new master salt
from os import urandom
salt = urandom(20)
print "Please modify this line in esapi/conf/settings.py:"
print "Encryptor_MasterSalt = '" + ESAPI.encoder().encode_for_base64(salt) + "'"
print "Done!"示例13: test_decode_from_base64
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_decode_from_base64(self):
instance = ESAPI.encoder()
for i in range(100):
random_string = ESAPI.randomizer().get_random_string( 20, Encoder.CHAR_SPECIALS )
encoded = instance.encode_for_base64( random_string )
decoded = instance.decode_from_base64( encoded )
self.assertEqual( random_string, decoded )
for i in range(100):
random_string = ESAPI.randomizer().get_random_string( 20, Encoder.CHAR_SPECIALS )
encoded = ESAPI.randomizer().get_random_string(1, Encoder.CHAR_ALPHANUMERICS) + instance.encode_for_base64( random_string )
decoded = instance.decode_from_base64( encoded )
self.assertFalse( random_string == decoded )示例14: test_percent_codec
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_percent_codec(self):
instance = ESAPI.encoder()
### High level
self.assertEquals(None, instance.encode_for_url(None))
self.assertEquals("%3Cscript%3E", instance.encode_for_url("<script>"))
self.assertEquals("%03", instance.encode_for_url(unichr(3)))
self.assertEquals("+", instance.encode_for_url(" "))
self.assertEquals(unichr(12345), instance.encode_for_url(unichr(12345)))
self.assertEquals(None, instance.decode_from_url(None))
self.assertEquals("<script>", instance.decode_from_url("%3Cscript%3E"))
self.assertEquals(unichr(3), instance.decode_from_url("%03"))
self.assertEquals(" ", instance.decode_from_url("+++++") )
self.assertEquals(unichr(12345), instance.decode_from_url(unichr(12345)))
# Wrap in assertRaises
self.assertEquals("%3xridiculous", instance.decode_from_url( "%3xridiculous" ))示例15: test_codec_for_javascript
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import encoder [as 别名]
def test_codec_for_javascript(self):
instance = ESAPI.encoder()
### High level
self.assertEquals(None, instance.encode_for_javascript(None))
self.assertEquals("\\x3Cscript\\x3E", instance.encode_for_javascript("<script>"))
self.assertEquals(",.\\x2D_\\x20", instance.encode_for_javascript(",.-_ "))
self.assertEquals("\\x21\\x40\\x24\\x25\\x28\\x29\\x3D\\x2B\\x7B\\x7D\\x5B\\x5D", instance.encode_for_javascript("[email protected]$%()=+{}[]"))
# Unicode
self.assertEquals(unichr(12345), instance.encode_for_javascript(unichr(12345)))
### Low level
codec = JavascriptCodec()
# Bad hex format
self.assertEquals("\\xAQ", codec.decode("\\xAQ"))
self.assertEquals("\\uAAQ", codec.decode("\\uAAQ"))